McAfee Quiz Lets Users Test Their Phishing Know-How

McAfee lets you test yourself at picking out malicious e-mails and telling real Web sites from fraudulent imitators.
Think you know your way around the plethora of phishing sites that are trying to separate you from your money?

Well, now you can put yourself to the test, literally.

McAfee SiteAdvisor, the testing and rating wing of security company McAfee, is offering a 10-question quiz to test users on how well they can avoid getting hooked into a fraudulent site that has been set up to rob them of their identifying information, as well as their money. Can you resist opening e-mails with subject lines like, "Urgent Security Notification" or "Your Account is Being Closed"? Can you tell the difference between a real Bank of America page and a well-designed phony?

Now you can find out.

"It's an educational campaign. It's for IT managers and the casual consumer," said Shane Keats, a research analyst with McAfee, in an interview. "Phishing cuts across all levels of technical sophistication. We all know really savvy people who have been tricked by phishing attacks because it keeps getting more sophisticated. It's harder to judge whether a site is a phishing site than you think, and frankly, we all need a little help."

The quiz, according to Keats, tests people on two fronts -- the psychological attack and the technical attack.

"Folks shouldn't feel bad if they get a lousy score because the phishers who put these sites together are using really, really sophisticated psychology and technology to get us to not use our common sense," he added.

Phishers use tricky psychology to try to make users panic. They send out waves of spam e-mail that might warn that something is wrong with their bank account or that an account is actually being closed or broken into. Keats noted that the language is as exaggerated as it can be and still be realistic.

The technical aspect of the attack is to build a Web page that looks incredibly similar to the real McCoy. "When the user gets to that link, they get a site that looks nearly pixel for pixel like the real thing," said Keats. "And if they click around, nine out of 10 times the only illegitimate part of the site is where they enter their personal information. It's hard to tell that these sites aren't the real thing."

Keats offers a few tips to help keep users safe:

  • Avoid panic -- You don't have to click on anything right now. Take the time to think it through;

  • Never click on a link in an e-mail -- If you want to go to your bank's Web site, type the URL in yourself; and

  • Bulk up, security-wise -- Use anti-phishing software along with your traditional security software. The combination will help protect you.

Keats also gives credit to MailFrontier, a security company that inspired McAfee researchers with its own earlier phishing quiz.
